Facebook is making headlines for yet another security weakness. This time, an elaborate scam is leading unsuspecting Facebook users to put their accounts in danger.

The latest Facebook scam promises to help users hack Facebook accounts, but actually leads users to give up their own online privacy. Users on Mozilla, Google Chrome and Firefox have confirmed that the scam pops up in the form of a message from a friend, indicating that the scam spreads using the victims’ friends list.

Cross-site scripting is abbreviated “XSS”. Because the user carries out the process himself or herself, this particular scam type is called Self-XSS.

The instructions lead unsuspecting users into the JavaScript console. The user is led to run the hackers’ code in the console while on Facebook, giving the hacker access to the user’s Facebook account.

Facebook’s JavaScript console as most victims of the scam see it

The message promises to give Facebook users privileged access by copying and pasting a part of the page script into their browser’s address bar. It looks relatively harmless and provides step-by-step instructions that promise to take effect in two hours once executed. Needless to say, the instructions don’t really work; instead they spread the scam forward through the victim’s account.

The console is the back-end of your browser through which developers and programmers are able to test, add and debug features. Tampering with the console without complete knowledge of its functions is usually discouraged.

Falling victim to the scam leads users to unknowingly subscribe to particular Facebook pages chosen by the hackers who designed the scamware.

It also sends the users’ private Facebook info to the scammers behind the clever trick.
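
The wording this scam relies on (open the console, paste code, wait two hours) can be scored by a message filter. The JavaScript below is an added example, not code from Facebook or from the original article; the signal patterns, weights, threshold and sample messages are assumptions constructed for illustration.

```javascript
// Added example (not Facebook's code): score message text for Self-XSS lure wording.
// Signal names, patterns, weights and the threshold are assumptions for illustration.
const SIGNALS = [
  // A javascript: URI is the form pasted code takes in an address bar.
  { name: "javascript-uri", weight: 3, re: /\bjavascript\s*:/i },
  // Steering the reader into the browser's developer tools.
  { name: "open-devtools", weight: 2,
    re: /\b(f12|ctrl\s*\+\s*shift\s*\+\s*[ijk]|inspect element|developer tools|console)\b/i },
  // A copy/paste instruction aimed at the console or address bar.
  { name: "paste-instruction", weight: 2,
    re: /\b(copy|paste)\b[^.]{0,80}\b(console|address bar|url bar|code|script)\b/i },
  // The bait: a promise to hack someone else's account.
  { name: "hack-promise", weight: 1, re: /\bhack\b[^.]{0,40}\b(accounts?|passwords?|facebook)\b/i },
  // A delayed "effect" that hides the fact that nothing was unlocked.
  { name: "delayed-effect", weight: 1, re: /\b(within|in|after)\s+(\d+|two|three)\s*(hours?|minutes?)\b/i },
];

function normalize(text) {
  // Fold compatibility forms and drop zero-width characters so matching sees plain text.
  return text.normalize("NFKC").replace(/[\u200B-\u200D\uFEFF]/g, "").replace(/\s+/g, " ");
}

function scoreMessage(text, threshold = 4) {
  const clean = normalize(text);
  const hits = SIGNALS.filter((s) => s.re.test(clean));
  const score = hits.reduce((sum, s) => sum + s.weight, 0);
  return { score, signals: hits.map((s) => s.name), flagged: score >= threshold };
}

// Constructed sample messages (not real posts); pasted code is deliberately omitted.
const SAMPLES = {
  lure: "Want to hack any Facebook account? Open the profile, press F12, " +
        "then paste this code into the console. It takes effect in 2 hours.",
  addressBar: "Copy the line below into your address bar: java\u200Bscript:[removed]",
  benign: "The console is handy for debugging; I fixed the login bug in 3 hours.",
};

for (const [label, text] of Object.entries(SAMPLES)) {
  const r = scoreMessage(text);
  console.log(label, r.flagged ? "FLAG" : "ok", r.score, r.signals.join(","));
}
```

The benign sample scores 3 and stays below the threshold, which shows why a single keyword such as “console” should not flag a message on its own.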

In June last year, Facebook made headlines when a UK-based security researcher called “fin1te” identified a loophole in Facebook’s SMS notifications. The loophole exploited the option to link Facebook accounts with mobile numbers for updates. Facebook acknowledged the fault and rewarded fin1te under the Bug Bounty program, which is designed to invite the internet community to find faults in Facebook and report them in exchange for rewards.

I see it! What should I do?

Don’t panic if this post (or a similar one) pops up on your feed or on your profile. Immediately delete the photo/post/page/group/event and change your password. If you receive any scamware from a friend, report it as spam and tell your friend to delete the malicious content and then change his/her password.

Run a system-wide scan to ensure that no malware has entered your system. Activate your best Facebook VPN before you start browsing the internet to encrypt your data, so that it is indecipherable if it falls into the wrong hands. This will secure you against a worst-case scenario and protect your online identity.

Danish Pervez
